Security researchers have identified a widespread campaign where cybercriminals are misusing Google Cloud Run to disseminate banking trojans, namely the malware known as Astaroth, Mekotio, and Ousaban. As reported by Cisco Talos researchers, the first surge of misuse was observed in September
A critical vulnerability in the Bricks Builder theme for WordPress, tracked as CVE-2024-25600, has been actively exploited by hackers. The flaw, affecting over 25,000 websites, allows unauthenticated attackers to execute arbitrary PHP code on a site or server. It was discovered by a security
Southern Water, a leading utility firm in the UK, has disclosed that the personal data of nearly half a million customers may have been compromised. The breach is one of the largest affecting the water industry in recent times and has raised serious concerns over its digital security. The
Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password protected database that contained more than 200,000 records, which included sensitive files containing PII of students and parents. The non-password protected cloud storage database contained a
In a concerning discovery, about 55% of all inputs to generative AI platforms contain sensitive and personally identifiable information (PII). This revelation was uncovered in a new report released by Menlo Security, which highlighted the rapid developments of both generative AI and the
A newly discovered critical vulnerability in Microsoft Outlook, CVE-2024-21413, poses a significant threat to users by enabling remote code execution (RCE) through emails with malicious links. This flaw, identified by Check Point researcher Haifei Li, allows threat actors to bypass built-in
In a significant breach of privacy, TheTruthSpy, a surveillance application, has been hacked, compromising the data of over 50,000 Android devices across the globe. This incident marks the fourth time the application has fallen victim to hackers due to the same unfixed security flaw. According
Over 33 million individuals in France — nearly half the country’s population — have had their personal data exposed. This breach targeted Viamedis and Almerys, two prominent service providers in the French healthcare and insurance sectors. The French data protection authority, the National
Google's Threat Analysis Group (TAG) has published a report on the widespread use of commercial spyware, commonly supplied by Europe-based startups for government surveillance campaigns. In one recent campaign, government-backed hackers used tools supplied by Variston, a Barcelona-based spyware
A new malware, named Ov3r_Stealer, is spreading through fake job advertisements on Facebook. Discovered by Trustwave SpiderLabs, the threat actors behind the malware target users by offering bogus management positions, leading them to download a weaponized PDF. Within the file, the user is directed